Virtual Chief Information Security Officer (vCISO) – (1099)

Must be US Citizen
Position: *Contingent Upon Contract Award*

This is a part-time executive advisory engagement (approximately 25-30 hours per month) for an initial 12-month period, with potential for extension.

Key Responsibilities:

• Provide executive-level cybersecurity advisory services, including governance, risk management, and strategic planning
• Establish and maintain cybersecurity governance structures, roadmaps, and reporting cadence
• Lead enterprise risk management activities, including risk register development, tracking, and executive reporting
• Support compliance and framework alignment (NIST CSF, NIST SP 800-171, CMMC, SOC 2, ISO 27001 as applicable)
• Guide CMMC readiness efforts, including coordination of documentation, audit preparation, and assessment support
• Provide executive reporting, dashboards, and strategic recommendations to support decision-making
• Advise on security operations, vulnerability management, and incident response governance
• Support cybersecurity investment planning, tool selection, and vendor evaluation
• Facilitate communication across technical teams, leadership, and external stakeholders
• Collaborate with delivery teams (e.g., Cyber Analysts, Project Managers) to ensure coordinated execution

• 10+ years of cybersecurity leadership experience (vCISO, CISO, or equivalent advisory role)
• Deep experience in governance, risk, and compliance (GRC) within regulated environments
• Strong working knowledge of NIST CSF, NIST SP 800-171, CMMC, and related frameworks
• Experience supporting audit readiness, compliance programs, and executive reporting
• Ability to translate technical risk into business-aligned recommendations
• Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CCP)

Additional Information:
This engagement is structured as a 1099 independent consultant role. The consultant must be able to operate independently, provide strategic executive guidance, and engage effectively with senior leadership in a highly regulated cybersecurity environment.

Who We are:
Alluvionic is a woman-owned, 8(a) certified solutions provider of project management and process improvement services. We offer a wide range of products and services including extensive enterprise Process Improvement, CMMI (Capability Maturity Model Integration), CMMC (Cybersecurity Maturity Model Certification), PMO (Project Management Office), and ERP (Enterprise Resource Planning) implementations for clients in various industries, providing Project Assurance® for every project.
We pride ourselves in being a Registered Provider Organization (RPO) with the CMMC Accreditation Body.

What it’s like to work at Alluvionic:
Working at Alluvionic means being surrounded by helpful and brilliant people who want to support your career growth. We are a company that puts people first and will help you get where you want to go. When we make mistakes, we own them, fix them, and improve our processes so we do better next time. We work hard and never forget to have fun, especially at happy hour.
We live by our company values of Family, Integrity, Professionalism, Innovation, Forward-Progress, Organization, and Communication. We invite you to apply if you share values even if your career path has been nontraditional.
Alluvionic is an authorized DoD SkillBridge Partner Organization. The DoD SkillBridge program is an opportunity for servicemen & servicewomen to complete an internship during the last 180 days of service to gain valuable civilian career experience